Trust Assessment
x-search received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Unpinned `npx` dependency allows arbitrary code execution, Potential command injection via search query passed to external tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned `npx` dependency allows arbitrary code execution The skill executes an `npx` package (`@itzannetos/x402-tools-claude`) without specifying a version. This means the latest version will always be downloaded and executed. A malicious update to this package could introduce arbitrary code execution, data exfiltration, or credential harvesting vulnerabilities without any change to the skill's code. This is a significant supply chain risk. Pin the `npx` package to a specific, known-good version (e.g., `npx -y @itzannetos/x402-tools-claude@1.2.3 x-search "$QUERY"`). Regularly review and update the pinned version to mitigate risks from compromised or malicious package updates. | LLM | scripts/search.sh:42 | |
| HIGH | Private key exposed to unpinned external dependency The `X402_PRIVATE_KEY` is exported as an environment variable, making it accessible to the `npx` process and the `@itzannetos/x402-tools-claude` package. Since this `npx` package is unpinned (always fetching the latest version), a malicious update could easily exfiltrate this private key, leading to unauthorized access or financial loss. Pin the `npx` package to a specific, known-good version. Consider alternative methods for passing sensitive credentials that limit their exposure (e.g., file descriptors, secure environment variables if the tool supports it, or a dedicated secrets management system) to reduce the attack surface. | LLM | scripts/search.sh:30 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/tzannetosgiannis/x-search/scripts/search.sh:19 | |
| MEDIUM | Potential command injection via search query passed to external tool The user-provided search query (`$QUERY`) is passed directly as an argument to an external `npx` command. While the query is double-quoted in the `bash` script, preventing shell metacharacter interpretation by the `bash` script itself, the `npx` tool or the underlying Node.js package (`@itzannetos/x402-tools-claude`) might internally process this argument in a way that allows for command injection (e.g., by passing it to `child_process.exec` or another shell command without proper sanitization/escaping). This risk is amplified by the unpinned dependency. Ensure the `@itzannetos/x402-tools-claude` package properly sanitizes or escapes the search query before using it in any shell execution context. If possible, use a safer API that avoids shell interpretation (e.g., `child_process.spawn` with an arguments array instead of `exec` with a single command string). Pin the dependency to a known-good version. | LLM | scripts/search.sh:42 |
Scan History
Embed Code
[](https://skillshield.io/report/bb11bc23776db771)
Powered by SkillShield